bip-0325: clarify the OP_TRUE challenge special case #983

pull kallewoof wants to merge 1 commits into bitcoin:master from kallewoof:202008-signet-empty-commitment changing 1 files +3 −1
  1. kallewoof commented at 9:32 AM on August 28, 2020: member

    While OP_TRUE challenges have been implicitly accepted until now, it was never defined exactly how these should be solved. This adds an exception for the case where the challenge is OP_TRUE, that the solution must be absent. I.e. not even an empty signet commitment may be present, or the block should be considered invalid.

    Pros: this means a signet node with challenge OP_TRUE works exactly the same as testnet/mainnet, in terms of block generation (i.e. generate* RPC functions in Bitcoin Core can be used out of the box).

  2. kallewoof cross-referenced this on Aug 28, 2020 from issue BIP-325: Signet [consensus] by kallewoof
  3. in bip-0325.mediawiki:72 in cefb70f245 outdated 
      64 | @@ -65,10 +65,12 @@ The "to_sign" transaction is:
  65 |  
  66 |  The scriptSig and/or scriptWitness for <code>vin[0]</code> are filled in from the Signet header push above.
  67 |  
  68 | -To simplify block generation (mining), the signature also does not commit to the the block nonce value, so that rolling the nonce to generate proof-of-work does not also require regenerating signatures. When grinding proof of work, the extended nonce cannot be used as it would invalidate the signature. Instead, simply resigning the same (or an updated) block will give a new search space.
  69 | +To simplify block generation (mining), the signature also does not commit to the block nonce value, so that rolling the nonce to generate proof-of-work does not also require regenerating signatures. When grinding proof of work, the extended nonce cannot be used as it would invalidate the signature. Instead, simply resigning the same (or an updated) block will give a new search space.
  70 |  
  71 |  A block is considered fully validated only if the to_sign transaction is a valid spend of the to_spend transaction. It is recommended that this verification is done directly before or after the witness commitment verification, as the data required to do both is approximately the same.
  72 |  
  73 | +There is one other acceptable special case: if a block's challenge is equal to `OP_TRUE` (`0x51`), the block is considered valid iff the signet commitment is absent. (It is invalid if present, even if both scriptSig and scriptWitness are empty.)
    MarcoFalke commented at 9:48 AM on August 28, 2020:

    Reading the code, I don't think this is true. Additional bytes can be put in the commitment even with an OP_TRUE challenge.

    Also, it seems overly specific to mention OP_TRUE, as the only special case (There should be more than that)

    kallewoof commented at 9:56 AM on August 28, 2020:

    I wanted to say "Wouldn't that violate the segwit clean stack rule?" but I realize that rule is probably not enforced in signet validation.

    kallewoof commented at 1:27 PM on August 29, 2020:

    I modified to be less specific. Edit: Removed the part about empty present commitment being invalid.

  4. kallewoof force-pushed on Aug 29, 2020
  5. bip-0325: clarify the OP_TRUE challenge special case dfe1d77ca2
  6. kallewoof force-pushed on Aug 29, 2020
  7. kallewoof commented at 3:29 AM on September 1, 2020: member

    @luke-jr At your convenience, please merge.

  8. luke-jr merged this on Sep 1, 2020
  9. luke-jr closed this on Sep 1, 2020
  10. ajtowns cross-referenced this on Sep 3, 2020 from issue Slight cleanup of signet commitment description by instagibbs
  11. harding commented at 9:06 PM on September 4, 2020: contributor

    @kallewoof sorry I didn't review this when it was open, but the text in the patch doesn't match the OP in your PR description. The PR description states "where the challenge is OP_TRUE, that the solution must be absent" (my emphasis). The patch says, "if a block's challenge is e.g. OP_TRUE (0x51) [...] the block is also considered valid if the signet commitment is absent."

    In short, I read the first as "MUST be absent" and the second as "MAY be absent".

    I don't think the difference matters if the only goal is for things like the generate RPC to be usable---but if the goal is also for existing tools to be able to validate OP_TRUE signets, then perhaps "MUST be absent" is required.

  12. MarcoFalke commented at 9:29 AM on September 5, 2020: member

    existing tools will ignore the commitment anyway, so if it is absent or present shouldn't matter, no?

  13. harding commented at 12:43 PM on September 5, 2020: contributor

    @MarcoFalke I think you are correct and I see now that there was a resolved discussion on this PR between you and @kallewoof about this, which explains the reason for the discrepancy between the PR description and the actual change. Thanks!

Contributors
kallewoofMarcoFalkeharding
Linked (view graph)
#976 Slight cleanup of signet commitment description
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bips. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-19 11:10 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me